APPENDIX 5 



r 

* IPS snmpwalk functions 

* @file ips_snmpwalk.h 

* ©author jmccaskey 
7 

#ifndef SNMPWALK H 

#define SNMPWALK H 

r 

* Function to walk a specified device and oid. The function should be passed an 

* ips_device structure for the device to walk, a string for the oid to walk 

* a string to match against the returned values for each oid in the walk, and 

* a queue structure in which it will place a series of index_nodes. The optional 

* stop_after_one argument can be used to tell the function to quit after one match. 
7 

int ips_snmpwalk(struct ips_device *device, char *type, char *start_oid, unsigned char *match_string, 
queue *index_queue, int stop_after_one); 

#include "snmpwalk. c" 



#endif 



r 

* IPS snmpwalk functions 

* @file snmpwalk.c 

* ©author jmccaskey 
V 

int ips_snmpwalk(struct ips_device 'device, char *type, char *start_oid, unsigned char *match_string, 
queue *index_queue, int stop_after_one) { 
//setup some net-snmp stuff 
void *ss; 

struct snmp_session session, *sptr; 
struct snmp_pdu *pdu; 

struct snmp_pdu *response; 

oid root[MAXJ3lDJ_EN]; 

size J rootjength = MAXJDIDJ-EN; 

oid name[MAXJDIDJ_EN]; 
size J namejength = MAX_OID_LEN; 
struct variablejist *vars; 
int status, liberr, syserr; 
char *errstr; 
int count=1; 

//setup snmp session options 
session = ips_snmp_sess_init(device); 

//open session 

ss = snmp_sess_open(&session); 
if(!ss){ 

/* Error codes found in open calling argument */ 
snmp_error(&session, &liberr, &syserr, &errstr); 
flockfile(stdout); 

fprintf(stdout, "snmpwalk: %s\n", errstr); 
funlockfile(stdout); 
free(errstr); 
if (response) 

snmp_free_pdu(response); 
snmp_sess_close(ss); 

return(6); 

} 

sptr = snmp_sess_session(ss); 
//add oid to walk 

getjiode(start_oid, root, &rootJength); 
memmove(name, root, rootjength * sizeof(oid)); 
namejength = rootjength; 
int running = 1; 
while (running==1) { 

/** Create the pdu for the get next request and add the object name to it 7 

pdu = snmpj3du_create(SNMP_MSG_GETNEXT); 
snmp_add_null_var(pdu, name, namejength); 

/** Get the response from the device */ 

status = snmp__sess_synch_response(ss, pdu, &response); 

if(status == STAT_SUCCESS) { 

if(response->errstat == SNMP_ERR_NOERROR) { 



for(vars = response->variables; vars; vars = vars->next_variable) { 

/** Check that the resulting variable is part of the desired tree 7 
if((vars->name_length < rootjength) || (memcmp(root, vars- 

>name, rootjength * sizeof(oid))!= 0)) { 

//not in the right sub tree 

running = 0; 
continue; 
} 

/** Print out variable 7 

//print_variable(vars->name t vars->namejength, vars); 

/** Check if this is one of the values we are looking for... 7 
char delim[1] = {'.'}; 
char *oid_string; 

assert(oid_string=malloc(4000)); 
int match = 0; 

//tunnel type specific matching code 
if(strcmp(type, "ciscojpsec")==0) { 

//match each individual tunnel octet using the raw snmp 

bitstring values 

if(vars->val.bitstring[0]==match_string[0] && vars- 

>val.bitstring[1]==match_string[1] 

&& vars->val.bitstring[2]==match_string[2] && vars- 

>val.bitstring[3]==match_string[3]) { 

match ~ 1 ; 

} 

} else if(strcmp(type, ,, netscreen_ipsec M )==0) { 
char value[100]; 

snprint_va!ue(value, 100, vars->name, vars- 

>namejength, vars); 

if(strcmp(value, match_string)==0) { 
match = 1 ; 

} 

} else if(strcmp(type, "altigajpsec")— 0) { 
char value[100], 

snprint_value(value, 100, vars->name, vars- 

>namejength, vars); 

if(strcmp(value, match_string)==0) { 
match = 1 ; 

} 

} else if(strcmp(type t M ips_emulated")==0) { 
char value[100]; 

snprint_value(value, 100, vars->name, vars->namejength, vars); 
if(strcmp(value, match_string)==0) { 
match = 1; 

} 

} else { 

flockfile(stdout); 

fprintf(stdout, "unknown type: %s\n", type); 
funlockfile(stdout); 

// 

} 

//check if this was a match - if so get the index and queue it up 
if(match == 1){ 



//we have a match... figure out what the index was 
snprint_objid(oid_string, 4000, vars->name, vars->namejength); 
char *strindex = NULL; 
char *temp = NULL; 
char *pos; 
pos = oid_string; 

//strsep is a gnu c specific extension... it replaces the non thread safe (and 

slower) strtok from ansi c... 

temp = strsep(&pos, delim); 
while(temp != NULL) { 

strindex = temp; 

strcpy(strindex, temp); 

temp = strsep(&pos, delim); 

} 

//push the index into the queue 
index_node *inode; 

assert(inode = malloc(sizeof(*inode))); 

//flockfile(stdout); 

//fprintf(stdout, 'Value of index: yosXn", strindex); 

//funlockfile(stdout); 
inode->value = atoi(strindex); 
queue_put(index_queue, (queue_node *)inode); 

if(stop_after_pne==1) { 

//we are done if we only want one value to be found 
running = 0; 

} 

#ifdef DEBUG 

flockfile(stdout); 

fprintf(stdout, "Session Id Match: %d\n'\ inode->value); 
funlockfile(stdout); 

#endif 

} 

free(oid_string); 

/** Check that the value isn't an exception (not at the end yet) */ 
if ((vars->type != SNMP_ENDOFMIBVIEW) && 
(vars->type != SNMP_NOSUCHOBJECT) && 
(vars->type != SNMP_NOSUOHlNSTANCE)) { 

/** Check that the oids are increasing... no infinite loops! 

*/ 

if (snmp_oid_compare(name, namejength, vars->name, vars- 

>namejength) >= 0) { 

flockfile(stdout); 

fprintf(stdout, "Error: OID not increasing: "); 
fprint_objid(stdout, name, namejength); 

fprintf(stdout, " >= "); 
fprint_objid(stdout, vars->name, vars->name_length); 

fprintf(stdout, "\n"); 

funlockfile(stdout); 

running = 0; 

continue; 

} 



r* Move the new variable into the old one so we can 

continue doing get next's */ 

memmove((char *) name, (char *) vars->name ( vars- 

>name_length * sizeof(oid)); 

namejength = vars->namejength; 

} else { 

/** An exception value was found, probably at the end of 

the tree we are walking */ 

running = 0; 
continue; 

} 
} 

} else { 

/** There was an error in the response */ 
running = 0; 

if (response->errstat == SNMP_ERR_NOSUCHNAME) { 
flockfile(stdout); 
fprintf(stdout, "End of MIB\n"); 
funlockfile(stdout); 

} else { 

flockfile(stdout); 

fprintf(stdout, "Error in packetAnReason: %s\n", 

snmp_errstring(response->errstat)); 

funlockfile(stdout); 
if (response->errindex != 0) { 
flockfile(stdout); 
fprintf(stderr, "Failed object: "); 

for (count = 1, vars = response->variables; vars && count != 

response->errindex; 

vars = vars->next_variable, count++) 
TEMPTY*/; 

if (vars) 

fprint_objid(stdout, vars->name, vars- 

>name_!ength); 

fprintf(stdout, "\n"); 
funlockfile(stdout); 

} 

} 
} 

} else if (status == STAT_TIMEOUT) { 
flockfile(stdout); 

fprintf(stdout, "Timeout: No Response from %s\n", session.peername); 

funlockfile(stdout); 

running = 0; 

} else { 

snmp_sess_perror("snmpwalk" 1 ss); 
running = 0; 

} 

if (response) 

snmp_free_pdu(response); 

} 

snmp_sess_close(ss); 



return(O); 

} 



